Pop Quiz: Windows Server 2008 R2, Active Directory Configuration -- Configure RODC
Applies to the "Configuring Active Directory Roles and Services" objective of Exam 70-640 TS: Windows Server 2008 Active Directory Configuration.
Q: Which of the following must be present to enable credential caching on a read-only domain controller (RODC)?
- A. All DCs must be running Windows Server 2008
- B. All DCs must be running Windows Server 2008 R2
- C. There must be at least one writable domain controller in the domain
- D. The functional level for the domain and forest must be Windows Server 2003 or higher
The answer and explanation are below.
Answer is C and D: Credentials consist of a small set of approximately 10 passwords that are associated with user or computer accounts. By default, an RODC does not store user or computer credentials. The administrator must explicitly allow any credential caching on an RODC.
Quick Tip: An RODC provides a way to deploy a domain controller more securely in locations that require fast and reliable authentication services but cannot ensure physical security for a writable domain controller.
Bonus Question: What are the steps required to perform an offline defragmentation of the Active Directory database? (Tweet your answer with #pop640c and get a chance to win a Redmond t-shirt! Deadline for entries is Wednesday, April 25.)
Answer to last week's bonus question: The Active Directory module for Windows PowerShell, ADSI Edit, and ldifde can all be used to create a PSO (Password Settings Object) in a domain to support FGPP (Fine-Grained Password and Account Lockout Policies).
Andy Barkl, MCT/MCITP/MCSA, A+, Network+, Security+, CCNA, has been studying technology for 30 years. Of the last 15 years, he has spent much of his time imparting the knowledge and experience he has gained through IT exams, over 300, to help others be prepared and successful. He teaches classes in Phoenix, Ariz., where he has lived most of his life. He can be reached by e-mail at firstname.lastname@example.org.